s8n/media-acquisition
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2026-05-20. You can view files and clone it, but cannot push or open issues or pull requests.
media-acquisition/compose/.env.example
obsidian-ai d300d83ce1 init: media-acquisition pipeline scaffold 
Self-hosted BitTorrent + arr-stack + catalog-update pipeline targeting
nullstone (Debian 13). Replaces the legacy onyx -> rsync -> import
round-trip.

Contents:
- README.md          headline + ASCII architecture diagram + quickstart
- CLAUDE.md          project rules (mirrors beta-flix style)
- .gitignore         secrets dirs (.env, gluetun, qbt config, ssh keys)
- .gitleaksignore    allowlist nullstone LAN addr + Tailscale CGNAT
- docs/architecture.md   the plan in detail (gluetun + qbt + arr + catalog)
- docs/migration.md  onyx-qbt -> nullstone-qbt runbook (3 phases)
- docs/trackers.md   tracker schema + IP-pinning + ratio notes (user-curated)
- compose/docker-compose.yml  gluetun v3.40 + qbt 5.0.5 (netns=gluetun) +
                              sonarr/radarr/prowlarr (hotio) + betaflix-catalog
- compose/.env.example       documented env-var template (no secrets)
- compose/traefik/arr.yml    file-provider for qbt/sonarr/radarr/prowlarr
                             .s8n.ru subdomains, LAN+TS only via
                             trusted-only@file + authentik-forwardauth@file
- catalog/catalog.py         Flask service, ~340 LoC, /sonarr + /radarr +
                             /healthz; pulls beta-flix, inserts alphabetic
                             row into MEDIA-LIST.md, writes run log, commits
                             + pushes as obsidian-ai. Idempotent via
                             payload-hash cache.
- catalog/Dockerfile         python:3.12-slim + git + tini
- catalog/requirements.txt   flask + jinja2 + requests + gitpython + pyyaml (pinned)
- catalog/templates/*.j2     run log + catalog row Jinja templates
- catalog/README.md          service docs
- scripts/migrate-onyx.sh    phase-2 helper (rsync + .torrent ship, dry-run by default)
- scripts/add-tracker.sh     Prowlarr API helper
- scripts/killswitch-test.sh gluetun kill-switch verification (3 steps)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-20 01:15:43 +01:00

38 lines
1.6 KiB
Text
Raw Blame History

# compose/.env.example
#
# Copy to .env (gitignored) and fill in real values.
#
# Never commit .env. Forgejo PAT + Proton WG key + arr API keys = secrets.
# --- Timezone (logs + scheduling) ---
TZ=Europe/London
# --- Proton VPN (gluetun) ---
# Generate a dedicated WireGuard key in the Proton dashboard:
# Account → WireGuard → New Configuration → name it "nullstone-gluetun-arr"
# Do NOT reuse the host's wg-pvpn-A/B keys.
PVPN_WG_PRIVKEY=REPLACE_WITH_PROTON_WG_PRIVATE_KEY
# The address Proton assigns to the new key (e.g. 10.2.0.3/32).
PVPN_WG_ADDRESSES=10.2.0.3/32
# Country (P2P-permitted). Comma-separated to let gluetun pick from a pool.
PVPN_SERVER_COUNTRIES=Netherlands
# --- Catalog service: Forgejo push ---
# https://git.s8n.ru → Settings → Applications → Generate New Token
# Scopes required: repository (read+write), user (read).
# Token is embedded in the remote URL inside the catalog container.
FORGEJO_PUSH_TOKEN=REPLACE_WITH_FORGEJO_PAT
# Remote URL — leave default unless beta-flix is moved.
FORGEJO_REMOTE=https://git.s8n.ru/s8n/beta-flix.git
# --- arr API keys ---
# Fetch from each app's Settings → General → Security after first launch.
# Used by catalog service to enrich the webhook payload via API calls.
SONARR_API_KEY=REPLACE_WITH_SONARR_API_KEY
RADARR_API_KEY=REPLACE_WITH_RADARR_API_KEY
PROWLARR_API_KEY=REPLACE_WITH_PROWLARR_API_KEY
# --- Optional: forwarded-port sync helper ---
# If you add caillef/qbittorrent-port-sync later for ratio-critical seeding,
# the qbt webui password goes here (used by that helper, not qbt itself).
QBT_WEBUI_PASSWORD=REPLACE_WITH_QBT_WEBUI_PASSWORD
Reference in a new issue View git blame Copy permalink